英[ˈspeʃl] 美[ˈspɛʃəl]

adj.Special; special; dedicated; important

n.Special car; special offer; special issue; special edition

Plural: specials Comparative: more special Superlative: most special

php htmlspecialchars() function syntax

Function: The function converts predefined characters into HTML entities. The predefined characters are: & (ampere) becomes &, " (double quote) becomes ", ' (single quote) becomes ', < (less than) becomes <, > (greater than) becomes >.

Syntax: htmlspecialchars(string,flags,character-set,double_encode)

Parameters:

ParameterDescription
string Required, specifies the string to be converted.
flags

Optional. Specifies how to handle quotes, invalid encodings, and which document type to use. Available quote types: ENT_COMPAT - Default. Only double quotes

are encoded. ENT_QUOTES - Encodes double and single quotes.

ENT_NOQUOTES - Do not encode any quotes. Invalid encoding: ENT_IGNORE - Ignore invalid encodings instead of having the function return an empty string. This should be avoided as this may have an impact on security.

ENT_SUBSTITUTE - Substitutes an invalid encoding with the specified character with the Unicode substitution character U FFFD (UTF-8) or &#FFFD; instead of returning an empty string.

ENT_DISALLOWED - Replaces invalid code points in the specified document type with the Unicode replacement character U FFFD (UTF-8) or &#FFFD;. Additional flags specifying the document type to use: ENT_HTML401 - Default. Code processed as HTML 4.01. ENT_HTML5 - Process code as HTML 5. ENT_XML1 - Code processed as XML 1. ENT_XHTML - as XHTML processing code.

character-set Optional. A string specifying the character set to be used. Allowed values: UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode ISO-8859-1 - Western Europe ISO-8859-15 - Western Europe (adds French and Finnish letters missing from ISO-8859-1 for Euro symbol) cp866 - DOS-specific Cyrillic character set cp1251 - Windows Special Cyrillic character set cp1252 - Windows special Western European character set KOI8-R - Russian BIG5 - Traditional Chinese, mainly used in Taiwan, GB2312 - Simplified Chinese, national standard character set, BIG5-HKSCS - Big5 with Hong Kong extension, Shift_JIS - Japanese, EUC-JP - Japanese, MacRoman - the character set used by the Mac operating system. In versions prior to PHP 5.4, unrecognized character sets will be ignored and replaced by ISO-8859-1. As of PHP 5.4, unrecognized character sets are ignored and replaced by UTF-8.
double_encodeOptional, Boolean value, specifies whether to encode existing HTML entities. TRUE - Default. Each entity will be converted. FALSE - Existing HTML entities will not be encoded.

Description: Returns the converted string. If string contains an invalid encoding, an empty string is returned unless ENT_IGNORE is set or ENT_SUBSTITUTE flag.

php htmlspecialchars() function example

<?php
$i = "<script>alert('hello world')</script>";
$j = htmlspecialchars($i);
echo $j;
?>

Run instance»

Click the "Run instance" button to view the online instance

Output:

<script>alert('hello world')</script>
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>

Run Instance»

Click the "Run Instance" button to view the online instance

Output:

<a href='test'>Test</a>